## API Report File for "@backstage/plugin-permission-common"

> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).

```ts
import { Config } from '@backstage/config';
import { JsonPrimitive } from '@backstage/types';

// @public
export type AllOfCriteria<TQuery> = {
  allOf: NonEmptyArray<PermissionCriteria<TQuery>>;
};

// @public
export type AnyOfCriteria<TQuery> = {
  anyOf: NonEmptyArray<PermissionCriteria<TQuery>>;
};

// @public
export type AuthorizePermissionRequest =
  | {
      permission: Exclude<Permission, ResourcePermission>;
      resourceRef?: never;
    }
  | {
      permission: ResourcePermission;
      resourceRef: string;
    };

// @public
export type AuthorizePermissionResponse = DefinitivePolicyDecision;

// @public
export type AuthorizeRequestOptions = {
  token?: string;
};

// @public
export enum AuthorizeResult {
  ALLOW = 'ALLOW',
  CONDITIONAL = 'CONDITIONAL',
  DENY = 'DENY',
}

// @public
export type BasicPermission = PermissionBase<'basic', {}>;

// @public
export type ConditionalPolicyDecision = {
  result: AuthorizeResult.CONDITIONAL;
  pluginId: string;
  resourceType: string;
  conditions: PermissionCriteria<PermissionCondition>;
};

// @public
export function createPermission<TResourceType extends string>(input: {
  name: string;
  attributes: PermissionAttributes;
  resourceType: TResourceType;
}): ResourcePermission<TResourceType>;

// @public
export function createPermission(input: {
  name: string;
  attributes: PermissionAttributes;
}): BasicPermission;

// @public
export type DefinitivePolicyDecision = {
  result: AuthorizeResult.ALLOW | AuthorizeResult.DENY;
};

// @public
export type DiscoveryApi = {
  getBaseUrl(pluginId: string): Promise<string>;
};

// @public
export type EvaluatePermissionRequest = {
  permission: Permission;
  resourceRef?: string;
};

// @public
export type EvaluatePermissionRequestBatch =
  PermissionMessageBatch<EvaluatePermissionRequest>;

// @public
export type EvaluatePermissionResponse = PolicyDecision;

// @public
export type EvaluatePermissionResponseBatch =
  PermissionMessageBatch<EvaluatePermissionResponse>;

// @public
export type EvaluatorRequestOptions = {
  token?: string;
};

// @public
export type IdentifiedPermissionMessage<T> = T & {
  id: string;
};

// @public
export function isCreatePermission(permission: Permission): boolean;

// @public
export function isDeletePermission(permission: Permission): boolean;

// @public
export function isPermission<T extends Permission>(
  permission: Permission,
  comparedPermission: T,
): permission is T;

// @public
export function isReadPermission(permission: Permission): boolean;

// @public
export function isResourcePermission<T extends string = string>(
  permission: Permission,
  resourceType?: T,
): permission is ResourcePermission<T>;

// @public
export function isUpdatePermission(permission: Permission): boolean;

// @public
export type NotCriteria<TQuery> = {
  not: PermissionCriteria<TQuery>;
};

// @public
export type Permission = BasicPermission | ResourcePermission;

// @public
export type PermissionAttributes = {
  action?: 'create' | 'read' | 'update' | 'delete';
};

// @public @deprecated
export interface PermissionAuthorizer {
  // (undocumented)
  authorize(
    requests: EvaluatePermissionRequest[],
    options?: AuthorizeRequestOptions,
  ): Promise<EvaluatePermissionResponse[]>;
}

// @public
export type PermissionBase<TType extends string, TFields extends object> = {
  name: string;
  attributes: PermissionAttributes;
} & {
  type: TType;
} & TFields;

// @public
export class PermissionClient implements PermissionEvaluator {
  constructor(options: { discovery: DiscoveryApi; config: Config });
  authorize(
    requests: AuthorizePermissionRequest[],
    options?: EvaluatorRequestOptions,
  ): Promise<AuthorizePermissionResponse[]>;
  authorizeConditional(
    queries: QueryPermissionRequest[],
    options?: EvaluatorRequestOptions,
  ): Promise<QueryPermissionResponse[]>;
}

// @public
export type PermissionCondition<
  TResourceType extends string = string,
  TParams extends PermissionRuleParams = PermissionRuleParams,
> = {
  resourceType: TResourceType;
  rule: string;
  params?: TParams;
};

// @public
export type PermissionCriteria<TQuery> =
  | AllOfCriteria<TQuery>
  | AnyOfCriteria<TQuery>
  | NotCriteria<TQuery>
  | TQuery;

// @public
export interface PermissionEvaluator {
  authorize(
    requests: AuthorizePermissionRequest[],
    options?: EvaluatorRequestOptions,
  ): Promise<AuthorizePermissionResponse[]>;
  authorizeConditional(
    requests: QueryPermissionRequest[],
    options?: EvaluatorRequestOptions,
  ): Promise<QueryPermissionResponse[]>;
}

// @public
export type PermissionMessageBatch<T> = {
  items: IdentifiedPermissionMessage<T>[];
};

// @public
export type PermissionRuleParam = undefined | JsonPrimitive | JsonPrimitive[];

// @public
export type PermissionRuleParams =
  | undefined
  | Record<string, PermissionRuleParam>;

// @public
export type PolicyDecision =
  | DefinitivePolicyDecision
  | ConditionalPolicyDecision;

// @public
export type QueryPermissionRequest = {
  permission: ResourcePermission;
  resourceRef?: never;
};

// @public
export type QueryPermissionResponse = PolicyDecision;

// @public
export type ResourcePermission<TResourceType extends string = string> =
  PermissionBase<
    'resource',
    {
      resourceType: TResourceType;
    }
  >;

// @public
export function toPermissionEvaluator(
  permissionAuthorizer: PermissionAuthorizer,
): PermissionEvaluator;
```
